/**
 * Creates a separate {@code TSentryActiveRoleSet} from this instance.
 *
 * <p>All copying is delegated to the copy constructor; how deep that copy goes
 * (for example whether the role names are duplicated) is decided there and is
 * not visible from this method.
 *
 * @return a newly constructed instance built from {@code this}
 */
public TSentryActiveRoleSet deepCopy() {
  TSentryActiveRoleSet duplicate = new TSentryActiveRoleSet(this);
  return duplicate;
}
/**
 * Performs a deep copy on <i>other</i>.
 *
 * <p>The set-flag bitfield and the protocol version are taken over directly.
 * Every optional member is copied only when it is set on {@code other}; members
 * that are not set keep whatever value this instance starts with.
 *
 * <p>The group and user name sets are copied into fresh {@code HashSet}s, and the
 * role set and authorizable hierarchy go through their own copy constructors, so
 * adding or removing principals on {@code other} afterwards does not change what
 * this request carries.
 *
 * @param other the request to copy from
 */
public TListSentryPrivilegesForProviderRequest(TListSentryPrivilegesForProviderRequest other) {
  this.__isset_bitfield = other.__isset_bitfield;
  this.protocol_version = other.protocol_version;

  if (other.isSetGroups()) {
    // Own the collection: the copy must not alias the source's group set.
    this.groups = new HashSet<>(other.groups);
  }
  if (other.isSetRoleSet()) {
    this.roleSet = new TSentryActiveRoleSet(other.roleSet);
  }
  if (other.isSetAuthorizableHierarchy()) {
    this.authorizableHierarchy = new TSentryAuthorizable(other.authorizableHierarchy);
  }
  if (other.isSetUsers()) {
    // Same reasoning as for groups: a private copy of the user names.
    this.users = new HashSet<>(other.users);
  }
}
/**
 * Performs a deep copy on <i>other</i>.
 *
 * <p>The set-flag bitfield and the protocol version are taken over directly.
 * Optional members are copied only when set on {@code other}:
 * <ul>
 *   <li>the requestor user name is assigned as-is (a {@code String} reference);</li>
 *   <li>each element of the authorizable set is duplicated through the
 *       {@code TSentryAuthorizable} copy constructor into a new set;</li>
 *   <li>the group and user name sets are copied into fresh {@code HashSet}s;</li>
 *   <li>the role set goes through the {@code TSentryActiveRoleSet} copy constructor.</li>
 * </ul>
 * As a result, later changes to the collections held by {@code other} do not
 * alter the principals or authorizables this request names.
 *
 * @param other the request to copy from
 */
public TListSentryPrivilegesByAuthRequest(TListSentryPrivilegesByAuthRequest other) {
  this.__isset_bitfield = other.__isset_bitfield;
  this.protocol_version = other.protocol_version;

  if (other.isSetRequestorUserName()) {
    this.requestorUserName = other.requestorUserName;
  }

  if (other.isSetAuthorizableSet()) {
    // Element-wise copy: sharing the TSentryAuthorizable objects would let the
    // source and the copy observe each other's mutations.
    Set<TSentryAuthorizable> copiedAuthorizables =
        new HashSet<>(other.authorizableSet.size());
    for (TSentryAuthorizable sourceAuthorizable : other.authorizableSet) {
      copiedAuthorizables.add(new TSentryAuthorizable(sourceAuthorizable));
    }
    this.authorizableSet = copiedAuthorizables;
  }

  if (other.isSetGroups()) {
    this.groups = new HashSet<>(other.groups);
  }
  if (other.isSetRoleSet()) {
    this.roleSet = new TSentryActiveRoleSet(other.roleSet);
  }
  if (other.isSetUsers()) {
    this.users = new HashSet<>(other.users);
  }
}
throws Exception { Map<String, Set<TSentryPrivilege>> resultPrivilegeMap = Maps.newTreeMap(); Set<String> roles = getRolesToQuery(groups, null, new TSentryActiveRoleSet(true, null));
groups, Collections.singleton(grantorUser), new TSentryActiveRoleSet(true, null), null );
case 3: // ROLE_SET if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { struct.roleSet = new TSentryActiveRoleSet(); struct.roleSet.read(iprot); struct.setRoleSetIsSet(true);
case 5: // ROLE_SET if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { struct.roleSet = new TSentryActiveRoleSet(); struct.roleSet.read(iprot); struct.setRoleSetIsSet(true);
struct.roleSet = new TSentryActiveRoleSet(); struct.roleSet.read(iprot); struct.setRoleSetIsSet(true);
struct.roleSet = new TSentryActiveRoleSet(); struct.roleSet.read(iprot); struct.setRoleSetIsSet(true);
privilegeSet.addAll(sentryStore.listSentryPrivilegesByUsersAndGroups( principalGroups, principalUsers, new TSentryActiveRoleSet(true, null), request.getAuthorizableHierarchy())); response.setPrivileges(privilegeSet);
request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
/**
 * Asks the Sentry service for the privileges that apply to the given groups and
 * users under the given active role set, optionally narrowed to an authorizable
 * hierarchy.
 *
 * <p>The groups, users and role set are forwarded as supplied; no validation of
 * them is visible in this method, so which privileges are returned is decided by
 * the service that answers the request. The response status is checked with
 * {@code Status.throwIfNotOk} before the privileges are handed back.
 *
 * <p>NOTE(review): {@code roleSet} is dereferenced without a null check, so a
 * null role set fails with a {@code NullPointerException} before any request is
 * sent. {@code groups} is passed to the request constructor unchecked.
 *
 * @param groups group names placed in the request
 * @param users user names; added to the request only when non-null
 * @param roleSet active role set, converted to its Thrift form
 * @param authorizable optional authorizables; the hierarchy is set on the request
 *     only when at least one is given
 * @return the privileges carried by the service response
 * @throws SentryUserException if the Thrift call raises a {@code TException}, or
 *     from the status check on the response
 */
@Override
public Set<String> listPrivilegesForProvider(Set<String> groups, Set<String> users,
    ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException {
  TSentryActiveRoleSet activeRoles =
      new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
  TListSentryPrivilegesForProviderRequest request =
      new TListSentryPrivilegesForProviderRequest(
          ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, groups, activeRoles);

  boolean hasAuthorizables = authorizable != null && authorizable.length > 0;
  if (hasAuthorizables) {
    // Built outside the try block, as in the original: failures here are not
    // wrapped as Thrift errors.
    request.setAuthorizableHierarchy(
        setupSentryAuthorizable(Lists.newArrayList(authorizable)));
  }

  if (users != null) {
    request.setUsers(users);
  }

  try {
    TListSentryPrivilegesForProviderResponse reply =
        client.list_sentry_privileges_for_provider(request);
    // Reject a non-OK status before trusting the privilege list in the reply.
    Status.throwIfNotOk(reply.getStatus());
    return reply.getPrivileges();
  } catch (TException e) {
    throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
  }
}
/**
 * Grants a role ALL on one table and checks that the grant is found when the
 * lookup names the table as {@code AccessConstants.SOME}.
 *
 * <p>Two lookups are exercised: a direct privilege query by role, and a
 * provider listing by group after the role has been attached to "group1". Both
 * are expected to yield exactly one privilege, and the provider listing must be
 * the concrete table grant rendered with action "all".
 *
 * <p>NOTE(review): the active role set is built with {@code all = true} together
 * with an explicit role list; how the store combines the two is not visible in
 * this test.
 */
@Test
public void testSentryTablePrivilegeSome() throws Exception {
  String role = "test-table-privilege-some";
  String grantorName = "g1";
  String database = "db1";
  String tableName = "tb1";

  createRole(role);

  // The grant under test: ALL on server1 / db1 / tb1, given to the role.
  TSentryPrivilege tableGrant = new TSentryPrivilege("TABLE", "server1", "ALL");
  tableGrant.setDbName(database);
  tableGrant.setTableName(tableName);
  sentryStore.alterSentryGrantPrivileges(
      SentryPrincipalType.ROLE, role, Sets.newHashSet(tableGrant), null);

  // Lookup target: same server and database, table given as SOME
  // (presumably an "any table" marker; confirm against AccessConstants).
  TSentryAuthorizable lookupTarget = new TSentryAuthorizable();
  lookupTarget.setDb(database);
  lookupTarget.setTable(AccessConstants.SOME);
  lookupTarget.setServer("server1");

  Set<String> roleNames = new HashSet<>(Arrays.asList(role));
  Set<TSentryPrivilege> rolePrivileges =
      sentryStore.getTSentryPrivileges(SentryPrincipalType.ROLE, roleNames, lookupTarget);
  assertTrue(rolePrivileges.size() == 1);

  // Attach the role to group1 so the provider listing can reach it via the group.
  Set<TSentryGroup> groupsForRole = new HashSet<>();
  groupsForRole.add(new TSentryGroup("group1"));
  sentryStore.alterSentryRoleAddGroups(grantorName, role, groupsForRole);

  TSentryActiveRoleSet activeRoles =
      new TSentryActiveRoleSet(true, new HashSet<>(Arrays.asList(role)));
  Set<String> providerPrivileges = sentryStore.listSentryPrivilegesForProvider(
      new HashSet<>(Arrays.asList("group1")),
      Sets.newHashSet(grantorName),
      activeRoles,
      lookupTarget);

  // Exactly one entry, and it is the table-level grant: nothing broader leaks in.
  assertTrue(providerPrivileges.size()==1);
  assertTrue(providerPrivileges.contains(
      "server=server1->db=" + database + "->table=" + tableName + "->action=all"));
}
sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups); TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName)));
sentryStore.alterSentryRoleAddUsers(roleName2, Sets.newHashSet("user1")); TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName1,roleName2)));
.newHashSet(groupName1), noRoleUsers, new TSentryActiveRoleSet(true, new HashSet<String>())))); .newHashSet(""), Sets.newHashSet(userName1), new TSentryActiveRoleSet(true, new HashSet<String>())))); .newHashSet(groupName1), Sets.newHashSet(userName1), new TSentryActiveRoleSet(true, new HashSet<String>())))); SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider( Sets.newHashSet(groupName1), noRoleUsers, new TSentryActiveRoleSet(false, Sets.newHashSet(roleName1))))); SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider( Sets.newHashSet(groupName1), noRoleUsers, new TSentryActiveRoleSet(false, Sets.newHashSet("not a role"))))); new TSentryActiveRoleSet(false, new HashSet<String>())))); "server=server1"), SentryStore.toTrimedLower(sentryStore .listAllSentryPrivilegesForProvider(Sets.newHashSet(groupName2), Sets.newHashSet(""), new TSentryActiveRoleSet(true, new HashSet<String>())))); new TSentryActiveRoleSet(true, new HashSet<String>())))); Sets.newHashSet(userName2), new TSentryActiveRoleSet(true, new HashSet<String>())))); SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider( Sets.newHashSet(groupName2), noRoleUsers,
/**
 * Checks that a provider listing for one user returns only that user's own
 * direct grant.
 *
 * <p>Two users receive privileges on the same table: the first SELECT, the
 * second ALL. The listing is requested for the first user only, with no groups,
 * and is compared for equality against a one-element set, so the second user's
 * broader ALL grant appearing in the result would fail the test.
 *
 * <p>The same {@code TSentryPrivilege} object is reused for both grants, with
 * its action changed in between.
 */
@Test
public void testListSentryPrivilegesForProviderForUser() throws Exception {
  String selectOnlyUser = "list-privs-user1";
  String allActionsUser = "list-privs-user2";

  sentryStore.createSentryUser(selectOnlyUser);
  sentryStore.createSentryUser(allActionsUser);

  TSentryPrivilege tablePrivilege = new TSentryPrivilege();
  tablePrivilege.setPrivilegeScope("TABLE");
  tablePrivilege.setServerName("server1");
  tablePrivilege.setDbName("db1");
  tablePrivilege.setTableName("tbl1");
  tablePrivilege.setAction("SELECT");
  tablePrivilege.setCreateTime(System.currentTimeMillis());

  // First user: SELECT on server1 / db1 / tbl1.
  sentryStore.alterSentryGrantPrivileges(
      SentryPrincipalType.USER, selectOnlyUser, Sets.newHashSet(tablePrivilege), null);

  // Second user: same table, but the action is widened to ALL before granting.
  tablePrivilege.setAction("ALL");
  sentryStore.alterSentryGrantPrivileges(
      SentryPrincipalType.USER, allActionsUser, Sets.newHashSet(tablePrivilege), null);

  // Query as the first user only, with empty groups and an empty explicit role list.
  TSentryActiveRoleSet activeRoles = new TSentryActiveRoleSet(true, new HashSet<String>());
  assertEquals(
      Sets.newHashSet("server=server1->db=db1->table=tbl1->action=select"),
      SentryStore.toTrimedLower(
          sentryStore.listAllSentryPrivilegesForProvider(
              new HashSet<String>(), Sets.newHashSet(selectOnlyUser), activeRoles)));
}
Sets.newHashSet(groupName), Sets.newHashSet(userName), new TSentryActiveRoleSet(true, new HashSet<>()), null));